ExpensiveWall malware goes to ruin 50 Google Play apps

At some point, you really have to feel bad for the folks in charge of the Google Play Store. Throughout 2017, there have been numerous incidents in which large groups of users have fallen prey to infected apps from the Play Store. While Google has done its best to react to security warnings from researchers, often resulting in the expulsion of infected apps, more malware-infected applications keep popping up. This is the case yet again with 50 Google Play apps that were recently discovered to contain malware. The difference with this malware, called ExpensiveWall, is that it is merely the latest of multiple versions that have found their way into Google Play apps. Security researchers at Check Point have been monitoring ExpensiveWall malware since they first alerted Google in early August. As they state in a blog post, ExpensiveWall malware has emerged again and has been downloaded at least 1 million times via the 50 apps.

The creators have what seems to be a financial motivation, as Check Point researchers state that the ExpensiveWall malware “sends fraudulent premium SMS messages and charges users’ accounts for fake services without their knowledge.” What differentiates it from the previous incarnations in this malware family is a technique called “packed.” The technique is explained by Check Point researchers as:

A more sinister possibility exists, unfortunately, even though the ExpensiveWall malware has not been spotted doing this yet. According to Check Point, the real danger of ExpensiveWall is its potential for spying, owing to the permissions required by the apps it infects. As the researchers state in their blog:

A similar malware could be easily modified to use the same infrastructure in order to capture pictures, record audio, and even steal sensitive data and send the data to a command and control (C&C) server. Since the malware is capable of operating silently, all of this illicit activity takes place without the victim’s knowledge, turning it into the ultimate spying tool.

While Google has ejected the apps each time the malware family surfaced, the damage has been immense. In total, researchers estimate that apps with ExpensiveWall malware and its predecessors have been downloaded “between 5.9 million and 21.1 million times.” Considering that the malware has infiltrated the Play Store numerous times, it is only a matter of time before its creators find a new way to enter the marketplace.

One way to guard against complex malware attacks like ExpensiveWall is to ensure that your cybersecurity software offers protections that employ static and dynamic app analysis. This can possibly block the malware at the source by analyzing its operations and internal code. Other than that, maybe hold off downloading anything from the Google Play Store until the company gets its act together. The malware infections on approved applications for Android devices have been too frequent for me, as a cybersecurity professional, to endorse the Play Store as a safe entity at this time.

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

TECHGENIX